Make multi-part MAC operations thread-safe Within setup we create a copy of the key and put it in the operation field. After setup, we only ever use the new copy - and do not interact with any key slots. Therefore we need only register as a reader of the key during setup, then unregister after we stop accessing the key. Simultaneous API calls on the same operation object are not thread-safe. Signed-off-by: Ryan Everett <ryan.everett@arm.com>

commit: fb9857ff9eaa980411ac58831f42fd93b1471ecd [log] [tgz]
author: Ryan Everett <ryan.everett@arm.com> Wed Feb 14 12:16:41 2024 +0000
committer: Ryan Everett <ryan.everett@arm.com> Thu Feb 22 10:27:52 2024 +0000
tree: 5f3730a22a1c0e3c980507046c85301d32ee71aa
parent: d237190f04bac09728e10e6f4a9c7f61952b4c94 [diff]
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 6cd6557..f9b2fff 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c

@@ -2565,7 +2565,7 @@
         psa_mac_abort(operation);
     }
 
-    unlock_status = psa_unregister_read(slot);
+    unlock_status = psa_unregister_read_under_mutex(slot);
 
     return (status == PSA_SUCCESS) ? unlock_status : status;
 }
commit	fb9857ff9eaa980411ac58831f42fd93b1471ecd	[log] [tgz]
author	Ryan Everett <ryan.everett@arm.com>	Wed Feb 14 12:16:41 2024 +0000
committer	Ryan Everett <ryan.everett@arm.com>	Thu Feb 22 10:27:52 2024 +0000
tree	5f3730a22a1c0e3c980507046c85301d32ee71aa
parent	d237190f04bac09728e10e6f4a9c7f61952b4c94 [diff]